Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

About one and a half years (July 2003 I think) ago I added a page to my website where people can subscribe to my newsletter and another page to unsubscribe if they wish. I wrote one newsletter that contained a brief introduction to me and my company and what I am trying to achieve, a short bio and even a not very good photo. I will update my new bio page soon, I promise :D. I had planned to publish the newsletter every two or three months and have in it two or three technical articles about Oracle security of course. In the first newsletter I talked about protecting the database from illicit use of SQL*Plus and gave some examples of the use of product user profile and how it can be bypassed, renaming SQL*Plus and a few other ideas in the same vein.

If you check my previous newsletter page you will see that there is still just one newsletter. :(. This is mainly due to lack of time to write something as in-depth as the first newsletter.

I plan to re-launch the newsletter very soon, in the next couple of weeks, again time permitting but with a slightly different format - the main reasoning being that I want to get a newsletter out there as I have a lot of subscribers, I think without counting in the region of 400 and I feel I have a duty to provide something that has been promised. The problem was that I set a high standard in terms of content and length with the first one that is hard in terms of time to follow up on.

So my feeling is that the newsletter will be much shorter than the first one, but much more frequent, at least once a month and maybe more frequent. I plan to have three sections. The first an intro - whatís been happening section - any good relevant new items and pages on the site that have changed etc, maybe prominent news items. The second being a short to medium length article on something relevant to Oracle security. The final section will be a summary of the best entries in the blog since the last newsletter for those that do not read the blog.

The one area I wanted to combine with the newsletter that wasn't planned for the first one was to inform people of when the site has changed, when new content has been added that they might like to look at. Quite a few people have asked me if itís possible to be made aware of when pages have changed. When I added a lot of new menu items and pages recently I planned a page for people to register to be told of updates. My thoughts since was to create a simple newsletter for this purpose and send it out, then I thought why not simply combine it as a short section in the main newsletter and get it out there more regularly. So that is what I plan to do. Of course you can also see the changed or added pages in the sitemap as well, indicated by the new graphics.

I have had a look for some mailing list software a couple of weekends ago and have read the set-up, features, readmes etc of quite a few and I have settled on one solution. I hope to get this installed and tested soon. Then I will send out the first of the re-vitalised Oracle Security mailing lists. If you have subscribed already then I must apologise for the delay in sending out the list, if not then please do if you wish.

PFCLTraining is a set of expert training classes for you, aimed at teaching how to audit your own Oracle database,
design audit trails, secure code in PL/SQL and secure and lock down your Oracle database.